Credit card breach warning from point-of-sale terminal vendor

A point-of-sale and security system vendor used by restaurants including TacoTime and Dairy Queen has warned its customers that a customer credit card breach may have leaked their data earlier this year.

Information Systems and Supplies discovered that its remote access service, the popular LogMeIn, had been breached on February 28, according to a report by SC Magazine.

The company warned customers in a notification letter that the LogMeIn service had been breached, possibly in a phishing attack.

Credit card breach occurred between February 28 and April 18

A copy of the letter, seen by BankInfoSecurity, said, “We recently discovered that our LogMeIn account was breached on February 28, March 5 and April 18, 2014. We have reason to believe that the data accessed could include credit card information from any cards used by your customers between these dates.”

The breach impacts restaurants who use FuturePOS, a product sold by IS&S. But the company has stated that not all its customers are affected, and that not all FuturePOS customers have been affected.

Credentials changed

The letter, sent in June, reassures IS&S customers that the company’s LogMeIn credentials have been changed, and a secondary security measure added. The company is also conducting AV scans.

The breach, if confirmed, would be the latest in a string of attacks targeting American retail and restaurant chains – the most recent being a breach affecting PF Chang’s. ESET Senior Research Fellow David Harley discusses the issues of the magnetic-stripe card technology still widely used in America in a blog post this week.